The Control Layer generates security policies and deploys those protections to enforcement points.
Enforcement points may be implemented as network security gateways, host-based software, mobile device applications, or virtual machines in the cloud.
Security Solutions commonly implemented within the Control layer include firewall, anti-virus, application control, threat emulation, anti-bot, anti-spam and email security, data loss prevention (DLP), and intrusion prevention systems (IPS).
This layer supports the enterprise segmentation and enables the definition of access and data control policies and the activation of threat prevention separately.
The Management Layer provides visibility into what is happening in the network, supports proactive incident response, and provides the intelligence required to tailor security controls for the organization.